The Collateral Damage of Personally Identifiable Information (PII) Breach

In the previous article in this series on the collateral damage produced by a data breach, we looked at the catastrophic harm that could result if hackers gained access to your electronic health record, or EHR. In this post, we will review the collateral damage that can occur from Personally Identifiable Information (PII) Breach.

Another area of extreme interest for hackers is Personally Identifiable Information or PII. In this kind of breach, information like your address, phone number, online contact information, driver’s license number, date of birth, profession, employer, income, family members, and personal habits or interests can be directly associated with your name. In turn, this makes the stolen information even more useful for mounting highly targeted attacks on individuals for any number of purposes.

Personally Identifiable Information (PII) Breach

Cincinnati Police Officers’ Personal Identifying Information Dangerously Exposed

Some might argue that much of your PII is publically available, but it is not available as a complete set. For example, name, address and phone numbers of Cincinnati police officers could be found in the yellow pages, but the phone book doesn’t say who they work for, where they work, or who their family members are. This is why the public exposure in February 2016 of personal data about members of the Cincinnati police force put the officers’ family members at risk.

Let’s look at some of the potential collateral damage of a Personally Identifiable Information (PII) Breach.

  • Mailbox Theft or Dumpster Diving: Stolen personal identity information can lead to a targeted attack since the malicious attacker knows the details around where you live, where you work, who you work for and other such details. This can lead to malicious person targeting you to access confidential information. Such an attack can also divulge the secrets of your personal life, which can be used for additional targeted attacks, or to identify and locate your loved ones and associates in order to target them for attack.
  • Stalking and Retaliation: Compromised PII can be used by stalkers to locate individuals at home or work and put them in harm’s way, or to discover vulnerable opportunities by malicious individuals to retaliate for some perceived offense.
  • Compromised Home Security: Individuals identified as high-value targets of theft may be located through their personal identity information, which could lead to break-ins, theft and vandalism.
  • Customer Support Access: Most customer support centers verify the identity of the person calling by asking PII-related questions. By knowing your personal information, imposters can access your critical records. The harm done can range from requesting an unauthorized password change to draining your accounts.

Stolen personal identifying information can be used to target you – or even those associated with you – for direct mail scams or spear phishing attacks, personal or online coercion, slander or blackmail campaigns, or used in any number of other ways that would never be revealed through credit or identity monitoring. Two years of credit monitoring may be helpful when attackers target individual’s credit cards or open fraudulent financial accounts. Most of the damage done in a PII data breach or Personally Identifiable Information (PII) Breach, however, would not show up on an individual’s credit report, making credit monitoring ineffective in mitigating the damage which can be done.

In the next article, we’ll look at how a compromise in the security of your Social Security number could have very expensive ramifications for you. Check back with us to learn more about how to protect your sacred nine-digit number.

Contact us at ThreatModeler™ to learn more about our unique product.